New SAQ A-EP Addresses E-Commerce Merchants Using Payment Redirects

March 7, 2014 • Published by Tim Thomas Industry TopicsEcommerce, PCI 3.0, Penetration Testing, Requirement 11.2, Requirement 11.3, SAQ, SAQ A, SAQ A-EP, Vulnerability Scanning

The new PCI DSS version 3.0 Self Assessment Questionnaires (SAQs) are out, and after our initial look, there are some notable differences. This article focuses on the brand new “SAQ A-EP” for “Partially Outsourced E-commerce Merchants Using a Third-Party Website for Payment Processing.” NOTE: After reading … Read more

Don’t Be Fooled! There’s No Such Thing as an Automated Penetration Test.

October 22, 2012 • Published by Jarred White PCI 101Penetration Testing, Requirement 11.2, Requirement 11.3, Vulnerability Scanning

Looking for a Penetration Test Vendor? Many small merchants, having been told they need a “network penetration test,” will seek out the quickest and cheapest way possible to comply with this Payment Card Industry Data Security Standard (PCI DSS) requirement. This is certainly understandable, given … Read more